Already Inadequately Protected IoT Ecosystems Raise Concerns about Post Quantum Computing
(DarkReading) As industrial applications drive the next major growth phase of the Internet of Things (IoT), there are growing concerns about how the data that flows through its ecosystems is created, validated, protected, transported, shared, and analyzed.
Many IoT devices are inadequately protected from hacking, which threatens the security of the IoT ecosystem and other networks to which it connects. Internet security, privacy, and authentication are not new issues, but IoT presents unique security challenges.
Much work is being driven by concerns that upcoming quantum computers may undermine or invalidate today’s approaches. These post-quantum cryptography (PQC) strategies may also have valuable properties for enabling IoT security.
In the quantum computing era, it’s a challenge to handle encryption keys and digital signatures that are long enough to offer good security on devices with limited memory, power, and communications resources.
IoT security practitioners need to be aware of standardization processes and work out which Post-Quantum Computing (PQC) strategies will work within the constrained resources of IoT devices. NIST is exploring how robust the new algorithms will be to side-channel attacks and the issues relating to the bandwidth requirements of digital signatures in a post-quantum computing world.
Digital signatures are vital for authentication between devices and servers. America’s National Institute of Standards and Technology (NIST) is exploring technologies to replace today’s approaches to digital signatures. A comparison with ECDSA, a standard approach used today, reveals the issue: To transmit a signature with 128 bits of security, ECDSA must send a public key of 256 bits and a signature of around 576 bits. The most compact Post Quantum Computing (PQC) digital-signature strategy remaining in the NIST analysis uses an 896-byte public key and a 690-byte signature. In other words, the PQC implementation of a digital signature needs about 15 times more bandwidth than ECDSA, as well as more computation and more memory to store cryptographic keys.
(NOTE: This article by Dr. Charlie Grover, cryptography researcher at Crypto Quantique, is summarized here by IQT. Dr. Grover’s discussion is information-dense covering both today’s IoT and future PQC implications).